-
Notifications
You must be signed in to change notification settings - Fork 199
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Versions of plugins from settings.gradle are not checked #367
Comments
I suppose we would need to use Settings and evaluate both |
Closely related, it also does not check for these in the pluginManagement {
plugins { ... |
Yes, see my comment above @nedtwigg. We would need to use both of those methods to capture those dependencies. Since those are not configurations, we'd have to make a detached configuration with the dependencies, repositories, and resolution strategy that those methods provide. Then resolve and print in the report with everything else. |
It looks like |
Yes, if I recall correctly they use simple regex parsing of the build files rather than executing it. That has other limitations. The long-term approach that Github/Gradle are pursuing is outlined in this proposal and github issue. This would be similar to having static analyzers produce SARIF reports that the Github Security dashboard consumes, so it could simply be an action that feeds the current dependency graph into Github for a monitoring dashboard. |
https://github.com/jmfayard/refreshVersions can also handle it, so would be nice to have it here too :-) |
PRs welcome. 😁 |
As always and everywhere :-D |
Just adding a use case, the Foojay Toolchains Plugin. |
if someone wants to try this idea and send a pr that would be appreciated. |
Btw. imo |
Steps to reproduce:
settings.gradle(.kts)
for example "com.gradle.enterprise"updateDependencies
taskAt the time of writing there is a version 3.1.1.
More info about build scan plugin: https://docs.gradle.com/enterprise/gradle-plugin/#gradle_6_x_and_later
The text was updated successfully, but these errors were encountered: